Cisco 2015 Midyear Security Report

Combination Attacks Evade Point Solutions

In the first half of 2015, malicious actors demonstrated an elevated level of attack sophistication that leveraged agility, destruction, adaptability, and speed to achieve their objectives. Angler, Rombertik, Adware MultiPlug, and Dridex are the top four most well-known examples of how these combination attacks evade detection, infiltrate defenses, and destroy systems. The security industry needs to move toward an integrated threat defense to keep pace with combination attacks.

To learn more, download the 2015 Midyear Security Report.
www.cisco.com/go/msr2015

[Graphic labels: Data Access IDS NGIPS UTM Application Control Vulnerability Management NBA NAC VPN Malware Sandbox Antivirus Email NGFW Firewall IAM AMP]

Angler: Speeding Ahead of the Sensors
- 40% user penetration
- Continually throws different 'hooks' to increase effectiveness
- Targets and exploits unpatched software
- Over 75% of domain shadowing activity leads to Angler
- Encrypts payload for delayed analysis
- Obfuscates compromised landing pages

Dridex: Agility is Its Strength
- 9 hours to complete campaign, before traditional antivirus tools can react
- Quickly morphs campaign content such as user agents, attachments, and referrers; and relaunches campaign
- Uses Microsoft® Office macros to quickly deliver banking Trojans
- Up to 850 unique campaigns in time observed

Rombertik: Destructive if Modified
- Uses spam and phishing to gain access
- 960M instructions to memory, creating a stalling tactic for sandboxes
- Destroys master boot record and renders computer inoperable
- Performs excessive activity to flood tracing tools
- Once past sandbox, calls Windows API 335,000 times as an anti-debugging mechanism

Adware MultiPlug: Adapts and Mutates to Evade Detection
- Shifted away from old URL-encoding scheme to increase penetration rate
- 4,000 add-on variants employed
- Bundles malicious add-ons with seemingly useful yet unwanted applications
- 500 domains used across three month period

©2015 Cisco and/or its affiliates. Other company, product and service names may be trademarks or service marks of others.